RECEIVED
CENTRAL FAX CENTER 

MAR 02 2007 

In the United States Patent and Trademark Office 

Applicants: David Barrington Everett et al.
Application No.: 09/932,013 
Filed: August 17, 2001 

Title: SECURE MULTIPLE APPLICATION 
CARD SYSTEM AND PROCESS 

Group Art Unit: 2137 

Examiner: Mathew Smithers 

Attorney Docket No.: 40000059-0150 

Confirmation No.: 4815



Mail Stop PETITIONS 

Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 
FAX: 571-273-8300 

RENEWED PETITION UNDER 37 C.F.R. 1.55(c)

Sir: 

On November 20, 2006, Applicants filed with the United States Patent and
Trademark Office (USPTO) a Petition to Accept Unintentionally Delayed Claim of
Priority, accompanied by the claim, the surcharge, and a statement, as required by
elements (1), (2) and (3), respectively, of 37 C.F.R. 1.55(c). In response to the Decision
on Petition under 37 C.F.R. 1.55 (the "Decision"), mailed January 30, 2007, and as
invited by the USPTO on page 2, second paragraph, of the Decision, a renewed petition is
submitted herewith. The following is submitted:

Renewed Petition under 37 CFR 1.55(c) begins on page 2 of this paper.
Remarks begin on page 3 of this paper.

Enclosures: (1) Inventors' Declaration 

(2) Certified copy of priority document 

(3) Power of Attorney and Change of Correspondence Address 



I hereby certify that this correspondence is being deposited
with the United States Postal Service as first class mail with
sufficient postage in an envelope addressed to Mail Stop
Petitions, Commissioner for Patents, P.O. Box 1450,
Alexandria, VA 22313-1450, and is further being
communicated to the USPTO by facsimile to (571) 273-8300,
ATTN: Office of Petitions.

on M^A 

Date of Deposit 

Edward J. Radlo, Reg. No. 26,793

RENEWED PETITION UNDER 37 C.F.R. 1.55(c) 

Pursuant to 35 U.S.C. §119(a) and 35 U.S.C. §120, the above-identified
application is entitled to the benefit of the filing date of the following prior application:
Great Britain patent application No. 9703591.9 filed on February 21, 1997 and entitled
"Multiple Application Computer System." Applicants unintentionally failed to expressly
claim this priority in the application as filed and unintentionally failed to present this
claim during the time period provided by 37 C.F.R. §1.55(a).

APPLICANTS HEREBY PETITION FOR ACCEPTANCE OF THE 
UNINTENTIONALLY DELAYED CLAIM FOR PRIORITY 



(1) CLAIM: "This application is a continuation of and claims priority to United States
patent application no. 09/076,551, filed on May 12, 1998, entitled "Secure Multiple
Application Card System and Process," now U.S. patent 6,317,832, which is a
continuation of and claims priority to United States patent application 09/023,057 filed
on February 12, 1998, entitled "Secure Multi-Application IC Card System Having
Selective Loading and Deleting Capability," now U.S. patent 6,575,372; and this instant
application also claims the priority benefit of United States provisional patent application
60/046,514 filed on May 15, 1997, entitled "Design for a Multi Application Smart Card";
United States provisional patent application 60/046,543 filed on May 15, 1997, entitled
"Virtual Machine for a Multi Application Smart Card"; and Great Britain patent
application 9703591.9 filed on February 21, 1997 and entitled "Multiple Application
Computer System." All five of these prior applications are hereby incorporated by
reference into the present patent application in their entireties."

(2) PETITION FEE: The surcharge of one thousand three hundred seventy dollars
($1,370.00) set forth in 37 C.F.R. §1.17(t) for a large entity was included with the
original Petition to Accept Unintentionally Delayed Claim of Priority, filed November
20, 2006.

(3) STATEMENT: The entire delay between the date the claim was due under 37
C.F.R. §1.55(a)(1) and the date the claim was filed was unintentional.

REMARKS 

Consideration of this Renewed Petition under 37 C.F.R. 1.55(c) (the "Renewed 
Petition"), and entry of the text immediately following "(1) CLAIM" of the Renewed 
Petition as the first paragraph of the specification of the instant application, are hereby 
respectfully requested. 

The original Petition to Accept Unintentionally Delayed Claim of Priority filed 
November 20, 2006, (the "Original Petition") was filed concurrently with an 
Amendment under 37 C.F.R. §1.312 (the "Rule 312 Amendment"), which was enclosed
with the Original Petition. The Rule 312 Amendment, which referenced the Original
Petition and included a copy thereof, was entered by Examiner Smithers. The USPTO
informed Applicants of this action by way of a paper mailed January 31, 2007. The 
Original Petition, however, was dismissed in a decision (the "Decision on Petition") by 
Legal Examiner Lin. The USPTO informed Applicants of this decision by way of a 
paper mailed to Applicants on January 30, 2007. Pursuant to the recommendations 
made in telephone conversations between Applicants' attorneys and both Examiners, 
and, as invited at page 2, second paragraph, of the Decision on Petition, Applicants are 
hereby submitting the enclosed Renewed Petition. 

The Decision on Petition denied the Original Petition on the grounds that review 
of the file failed to disclose that the claimed priority information was included in an oath 
or declaration or in an Application Data Sheet, and, as a result, Examiner Lin was unable 
to determine that Applicants had complied with the requirements of 37 C.F.R. 
§ 1.63(c)(2). Enclosure 1 is a copy of the requested inventors' declaration identifying 
and claiming priority to Great Britain patent application 9703591.9 filed on February 21, 
1997. This declaration was previously mailed to the USPTO on May 7, 1998, during the
prosecution of U.S. patent application 09/023,057 (the grandparent of the instant
application), and was filed by the USPTO on May 11, 1998. Because 37 C.F.R.
§ 1.63(d) states that a newly executed oath or declaration is not required in a continuation
application, and since the present application is a continuation of parent application
09/076,551, which is a continuation of grandparent application 09/023,057, the instant
application has always been in compliance with the requirements of 37 C.F.R. §1.63.

The Decision on Petition also advised that Applicants must either file a certified
copy of the foreign priority application, or, if already filed, identify the application
containing the certified copy of the foreign priority application. The foreign priority
application was in fact previously submitted during prosecution of the instant application
on July 27, 2004 (with a paper denominated "Amendment and Claim of Priority"), and
additionally was previously submitted during prosecution of U.S. patent application
09/023,057 (the grandparent application) at least twice (on February 5, 2003 and on
April 15, 2003). Thus, the instant Application already complies with the requirements
of 37 C.F.R. §1.55(a)(2). For the convenience of the Legal Examiner, Enclosure 2 is yet
another certified copy of Great Britain patent application 9703591.9 filed on February
21, 1997.

The Decision on Petition further advised that the amendment to the specification
failed to state the relationship of U.S. patent application 09/023,057, filed February 12,
1998, to the instant application. The priority claim language is being amended in
accordance with the present Renewed Petition to clarify that the instant application "is a
continuation of" and claims priority to parent U.S. patent application 09/076,551. This
was already indicated on Addendum Sheet 2 of Applicants' Utility Patent Application
Transmittal dated August 17, 2001, and was stated in the first paragraph of the instant
application as originally filed. The priority claim language is being further amended in
accordance with the present Renewed Petition to clarify that parent U.S. patent
application 09/076,551 "is a continuation of" and claims priority to grandparent U.S.
patent application 09/023,057. This was already indicated in the first paragraph of
parent U.S. patent application 09/076,551 and in Item 63 on the face of parent U.S.
patent 6,317,832, which issued from parent U.S. patent application 09/076,551. As
discussed above, the foregoing changes to the priority claim language are mere formal
clarifications, inasmuch as the instant application always stated that it is a continuation
of the parent, and the parent application always stated that it is a continuation of the
grandparent, in accordance with 37 C.F.R. 1.78(a)(2)(i).

Applicants respectfully request the USPTO to (1) grant the present Renewed 
Petition and (2) enter the requested language in the first paragraph of the specification. 
If the petition is granted at a time by which the entry of the requested language cannot be 
made prior to issuance of the patent, Applicants are willing to obtain entry of the
requested language by means of a Certificate of Correction after the instant application 
issues as a patent. 

If there are any additional fees due in connection with this communication, 
please charge Deposit Account No. 19-3140. This sheet is being submitted in duplicate. 



SONNENSCHEIN NATH & ROSENTHAL LLP 

P.O. Box 061080 

Wacker Drive Station, Sears Tower 

Chicago, Illinois 60606-1080 

(415)882-2402 



enclosures: (1) Inventors' declaration 

(2) Certified copy of priority document 

(3) Power of Attorney and Change of Correspondence Address 

cc: B. McKeon (w/o encl.) 

IP/T docket CH (w/o encl.) 



Respectfully submitted, 



Edward J. Radlo
Attorney of Record 
Reg. No. 26,793

Application No. 09/932,013: RENEWED PETITION TO ACCEPT 
UNINTENTIONALLY DELAYED CLAIM OF PRIORITY 



ENCLOSURE 1. 

Inventors' Declaration as filed May 7, 1998 in U.S. patent application 09/023,057

BAKER & BOTTS, L.L.P.

FILE NO.: A31503-2817/36731
COMBINED DECLARATION
AND POWER OF ATTORNEY

(Original, Design, National Stage of PCT, Divisional, Continuation or C-I-P Application)

As a below named inventor, I hereby declare that: 

My residence, post office address and citizenship are as stated below next to my name; I believe I am the original,
first and sole inventor (if only one name is listed below) or an original, first and joint inventor (if plural names are 
listed below) of the subject matter which is claimed and for which a patent is sought on the invention entitled: 
SECURE MULTI-APPLICATION IC CARD SYSTEM HAVING SELECTIVE LOADING AND DELETING 
CAPABILITY 

This declaration is of the following type: 

[X] original 
[] design 

[] national stage of PCT. 

[] divisional 

[] continuation 

[] continuation-in-part (C-I-P) 

the specification of which: (complete (a), (b), or (c))

(a) [ ] is attached hereto.

(b) [X] was filed on 2/12/98 as Application Serial No. 09/023,057 and was amended on (if applicable).

(c) [ ] was described and claimed in PCT International Application No. filed on and was amended on (if applicable).

Acknowledgement of Review of Papers and Duty of Candor 

I hereby state that I have reviewed and understand the contents of the above identified specification, 
including the claims, as amended by any amendment referred to above. 

I acknowledge the duty to disclose information which is material to the patentability of the subject matter 
claimed in this application in accordance with Title 37, Code of Federal Regulations § 1.56. 

[ ] In compliance with this duty there is attached an information disclosure statement. 37 CFR 1.98. 

Priority Claim 

I hereby claim foreign priority benefits under Title 35, United States Code, § 119(a)-(d) of any foreign
application(s) for patent or inventor's certificate or of any PCT International Application(s) designating at least one
country other than the United States of America listed below and have also identified below any foreign
application(s) for patent or inventor's certificate or any PCT International Application(s) designating at least one
country other than the United States of America filed by me on the same subject matter having a filing date before
that of the application on which priority is claimed

(complete (d) or (e)) 

(d) [ ] no such applications have been filed. 

(e) [X] such applications have been filed as follows:

PRIOR FOREIGN/PCT APPLICATION(S) FILED WITHIN 12 MONTHS (6 MONTHS FOR DESIGN) PRIOR TO SAID APPLICATION

COUNTRY         APPLICATION NO.   DATE OF FILING        DATE OF ISSUE         PRIORITY CLAIMED
                                  (day, month, year)    (day, month, year)    UNDER 35 USC 119
Great Britain   GB9703591.9       21-2-97                                     [X] YES   NO [ ]
                                                                              [ ] YES   NO [ ]
                                                                              [ ] YES   NO [ ]

ALL FOREIGN APPLICATION(S), IF ANY, FILED MORE THAN 12 MONTHS (6 MONTHS FOR DESIGN) PRIOR TO SAID APPLICATION

                                                                              [ ] YES   NO [ ]
                                                                              [ ] YES   NO [ ]
                                                                              [ ] YES   NO [ ]

Claim for Benefit of Prior U.S. Provisional Application(s)

I hereby claim the benefit under Title 35, United States Code, § 119(e) of any United States provisional
application(s) listed below:

Provisional Application Number    Filing Date
60/046,514                        5/15/97







Claim for Benefit of Earlier U.S./PCT Application(s) under 35 U.S.C. 120
(complete this part only if this is a divisional, continuation or C-I-P application)

I hereby claim the benefit under Title 35, United States Code, § 120 of any United States application(s) or
PCT international application(s) designating the United States of America that is/are listed below and, insofar as
the subject matter of each of the claims of this application is not disclosed in the prior application(s) in the manner
provided by the first paragraph of Title 35, United States Code § 112, I acknowledge the duty to disclose
information as defined in Title 37, Code of Federal Regulations, § 1.56 which occurred between the filing date of
the prior application(s) and the national or PCT international filing date of this application:

(Application Serial No.) (Filing Date) (Status) (patented, pending, abandoned)

(Application Serial No.) (Filing Date) (Status) (patented, pending, abandoned)

Power of Attorney 

As a named inventor, I hereby appoint Dana M. Raymond, Reg. No. 18,540; Frederick C. Carver, Reg. No. 17,021; Francis J. Hone, Reg.
No. 18,662; Joseph D. Garon, Reg. No. 20,420; Arthur S. Tenser, Reg. No. 18,839; Ronald B. Hildreth, Reg. No. 19,498; Thomas R.
Nesbitt, Jr., Reg. No. 22,075; Robert Neuner, Reg. No. 24,316; Richard G. Berkley, Reg. No. 25,465; Richard S. Clark, Reg. No. 26,154;
Bradley B. Geist, Reg. No. 27,551; James J. Maune, Reg. No. 26,946; John D. Murnane, Reg. No. 29,836, Henry Tang, Reg. No. 29,705,
Robert C. Scheinfeld, Reg. No. 31,300, John A. Fogarty, Jr., Reg. No. 22,348, Louis S. Sorell, Reg. No. 32,439 and Rochelle K. Seide
Reg. No. 32,300 of the firm of BAKER & BOTTS, L.L.P., with offices at 30 Rockefeller Plaza, New York, New York 10112, as attorneys
to prosecute this application and to transact all business in the Patent and Trademark Office connected therewith.



SEND CORRESPONDENCE TO:
BAKER & BOTTS, L.L.P.
30 ROCKEFELLER PLAZA, NEW YORK, N.Y. 10112
CUSTOMER NUMBER: 21003

DIRECT TELEPHONE CALLS TO:
BAKER & BOTTS, L.L.P.
(212) 705-5000



I hereby declare that all statements made herein of my own knowledge are true and that all statements made 
on information and belief are believed to be true; and further that these statements were made with the knowledge 
that willful false statements and the like so made are punishable by fine or imprisonment, or both, under Section 
1001 of Title 18 of the United States Code and that such willful false statements may jeopardize the validity of the 
application or any patent issued thereon.

FULL NAME OF SOLE OR FIRST INVENTOR
    LAST NAME: Everett
    FIRST NAME: David
    MIDDLE NAME: Barrington
RESIDENCE & CITIZENSHIP
    CITY: East Sussex
    STATE or FOREIGN COUNTRY: Great Britain
    COUNTRY OF CITIZENSHIP: Great Britain
POST OFFICE ADDRESS
    POST OFFICE ADDRESS: 31 Ashdown Avenue, Saltdean, Brighton
    CITY: East Sussex
    STATE or COUNTRY: Gt Britain
    ZIP CODE: BN2 8AH
DATE:
SIGNATURE OF INVENTOR:

FULL NAME OF SECOND JOINT INVENTOR, IF ANY
    LAST NAME: Miller
    FIRST NAME: Stuart
    MIDDLE NAME: James
RESIDENCE & CITIZENSHIP
    CITY: Berks
    STATE or FOREIGN COUNTRY: Great Britain
    COUNTRY OF CITIZENSHIP: Great Britain
POST OFFICE ADDRESS
    POST OFFICE ADDRESS: 9 Woodford Green, The Warren, Bracknell
    CITY: Berks
    STATE or COUNTRY: Gt. Britain
    ZIP CODE: RG12 9YQ
DATE: xo/3/9fr
SIGNATURE OF INVENTOR:

FULL NAME OF THIRD JOINT INVENTOR, IF ANY
    LAST NAME: Peacham
    FIRST NAME: Anthony
    MIDDLE NAME: David
RESIDENCE & CITIZENSHIP
    CITY: Kent
    STATE or FOREIGN COUNTRY: Great Britain
    COUNTRY OF CITIZENSHIP: Great Britain
POST OFFICE ADDRESS
    POST OFFICE ADDRESS: 4 Lynwood, Groombridge, Tunbridge Wells
    CITY: Kent
    STATE or COUNTRY: Gt Britain
    ZIP CODE: TN3 9LX
DATE: 20 t\^X
SIGNATURE OF INVENTOR:

FULL NAME OF FOURTH JOINT INVENTOR, IF ANY
    LAST NAME: Simmons
    FIRST NAME:
    MIDDLE NAME: Stephen
RESIDENCE & CITIZENSHIP
    CITY: Cambs
    STATE or FOREIGN COUNTRY: Great Britain
    COUNTRY OF CITIZENSHIP: Great Britain
POST OFFICE ADDRESS
    POST OFFICE ADDRESS: The Elms, School Road, Brought
    CITY: Cambs
    STATE or COUNTRY: Gt. Britain
    ZIP CODE: PE17 3AT
DATE: W3 fe&
SIGNATURE OF INVENTOR:

FULL NAME OF FIFTH JOINT INVENTOR, IF ANY
    LAST NAME: Richards
    FIRST NAME: Timothy
    MIDDLE NAME: Philip
RESIDENCE & CITIZENSHIP
    CITY: Herts
    STATE or FOREIGN COUNTRY: Great Britain
    COUNTRY OF CITIZENSHIP: Great Britain
POST OFFICE ADDRESS
    POST OFFICE ADDRESS: 32 Craig Mount, Radlett
    CITY: Herts
    STATE or COUNTRY: Gt Britain
    ZIP CODE: WD7 7LW
DATE: "W* fa &
SIGNATURE OF INVENTOR:

FULL NAME OF SIXTH JOINT INVENTOR, IF ANY
    LAST NAME: Viner
    FIRST NAME: John
    MIDDLE NAME: Charles
RESIDENCE & CITIZENSHIP
    CITY: Surrey
    STATE or FOREIGN COUNTRY: Great Britain
    COUNTRY OF CITIZENSHIP: Great Britain
POST OFFICE ADDRESS
    POST OFFICE ADDRESS: Hydes, Woodlands Lane, Windlesham
    CITY: Surrey
    STATE or COUNTRY: Gt Britain
    ZIP CODE: GU20 6AN
DATE:
SIGNATURE OF INVENTOR:

Application No. 09/932,013: RENEWED PETITION TO ACCEPT
UNINTENTIONALLY DELAYED CLAIM OF PRIORITY 

ENCLOSURE 2. 
Certified copy of priority document

The Patent Office 
Concept House 
Cardiff Road 
Newport 
South Wales 
NP10 8QQ 



I, the undersigned, being an officer duly authorised in accordance with Section 74(1) and (4) of
the Deregulation & Contracting Out Act 1994, to sign and issue certificates on behalf of the
Comptroller-General, hereby certify that annexed hereto is a true copy of the documents as
originally filed in connection with the patent application identified therein.

I also certify that by virtue of an assignment registered under the Patents Act 1977, the application
is now proceeding in the name as substituted.

In accordance with the Patents (Companies Re-registration) Rules 1982, if a company named in
this certificate and any accompanying documents has re-registered under the Companies Act 1980
with the same name as that with which it was registered immediately before re-registration save
for the substitution as, or inclusion as, the last part of the name of the words "public limited
company" or their equivalents in Welsh, references to the name of the company in this certificate
and any accompanying documents shall be treated as references to the name with which it is so
re-registered.

In accordance with the rules, the words "public limited company" may be replaced by p.l.c., plc,
P.L.C. or PLC.

Re-registration under the Companies Act does not constitute a new legal entity but merely
subjects the company to certain additional company law rules.



Signed 



Dated 31 January 2003

An Executive Agency of the Department of Trade and Industry

By virtue of a direction given under Section 30 of the Patents Act 1977, the application is proceeding in the name of

MONDEX INTERNATIONAL LIMITED, Incorporated in the United Kingdom, 9
Cheapside, LONDON, EC2V 6AD, United Kingdom [ADP No. 07182124001]

Form 1/77

Patents Act 1977
(Rule 16)

Request for grant of a patent

(See notes on the back of this form. You can also

MULTIPLE APPLICATION COMPUTER SYSTEM

The invention relates to a computer system in which a
population of computers has access to multiple applications. The
computers may be personal computers (PC's) or, for example, integrated
circuit cards (ICC's) known as "smart cards". The applications may be
programs available from a variety of sources including computer tape or
disc and in particular remote computers with which a serial link, typically by
telephone, is established.

In the PC environment it is customary to distribute
applications on floppy discs or CD ROMS and to retain them on a local
hard disc for operation. In many ways this is inconvenient, demanding
high capacity local storage media and presenting difficulties with updates.
In the field of smart cards the problem of local application storage is much
more acute, because storage capacity in the integrated circuit is relatively
very limited. A solution in both cases is to make available applications
held remotely and download them via a remote link. Internet and intranet
systems are ideal vehicles for this and it is possible to run PC's from the
internet application modules (or "applets" as they are called) for immediate
running and then to discard them. The applets require no local long-term
storage capacity. The system is known as JAVA.

Two difficulties are associated with downloaded applications.
The first is hardware compatibility. Different computers have different
microprocessors and different operating systems. It has been customary
to re-write applications to cater for different computers, but this is
cost-effective only for large, widely used and static applications. It is not
practicable for applets. The second problem is control of the applets.
Without control it would be possible for applets to make direct hardware
calls to take control of local storage or communication devices. This could
be mischievous at best and severely damaging or criminal at worst.
JAVA meets these two difficulties by ensuring that the applets are written
in a common high-level interpreted language and that a local interpreter
processes the applet instructions. Thus, all applets are written in the
same language and the interpreter constitutes both a hardware and a
control buffer. Similarly, and for the same reasons, proposals have been
made for on-board interpreters in smart cards to run downloaded high-level
language applications.

The wide availability of multiple applications to a population of
computers raises another problem. For various reasons it may be
desirable to restrict the availability of certain applications to certain
computers. For example, some applications may make demands which
the hardware of a particular computer cannot meet. These represent
technical limitations present in spite of the interpreter arrangement.
Furthermore there may be commercial or moral restraints to be placed on
the accessibility of certain applications to certain computers. The present
invention seeks to provide a solution to this problem.

According to the invention there is provided a computer
system comprising a population of computers; tamper-resistant modules
each associated respectively with one of said computers; a plurality of
computer applications; provider means for holding the computer
applications; and means for coupling the provider means to the computers
for downloading the computer applications to the computers, wherein, in
any given pair of (a) a tamper-resistant module and (b) an application there
is included (i) with one member of the pair a class identifier identifying at
least one class to which the member belongs and (ii) with the other
member of the pair an exclusion bit-map specifying certain classes, the
system being such that comparison of the class identifier with the exclusion
bit-map allows certain applications to be inhibited from running on certain
computers.

It will be appreciated that an exclusion bit-map may specify
classes which are excluded or may specify classes which are included. In
the latter case the absence of an inclusion for a class is taken as an
exclusion.

The arrangement according to the invention allows the
provision of computer specific applications or application specific
computers. Perhaps both the tamper-resistant module and the application
have both class identifiers and bit-maps so that mutual control may be
exercised. However, in a preferred embodiment of the invention the
tamper-resistant module has the bit-map and the application has class
identifiers. The integrity of the system depends upon both the bit-map and
the class identifiers being secure. The tamper-resistant module secures
the bit-map and the class identifiers are preferably secured by an
encryption system in which a class identifier section of the application is
digitally certified by a system manager.

In a preferred embodiment of the invention class identifiers
are provided both for the tamper-resistant module (TRM) and the
application. These are regarded respectively as TRM identifiers and
application identifiers. Both the TRM and the application are issued by
respective issuers and their identifiers can be considered in two parts,
namely an I/D and an issuer. Thus, the two class identifiers may be
represented as:-

(a) TRM I/D

(b) TRM Issuer

(c) Application I/D

(d) Application Issuer

The above four entities may be used to define access rights
in the system.

The computers may be PC's, in which case the tamper
resistant modules may be smart cards read by readers attached to the
computers or, for example, dongles, PC cards or PCMCIA cards connected
to the computers.

In a preferred embodiment of the invention the computers are 
embodied in integrated circuits which are themselves the tamper-resistant 
modules. Typically, the integrated circuits are mounted in smart cards. 

The invention will further be described with reference to the 
accompanying drawings, of which:- 

Figure 1 is a schematic diagram of a computer system 
embodying the invention; 

Figure 2 is a diagram of the structure of an application 
message in the system of Figure 1; and 

Figure 3 is a diagram of a bit-map and associated memory in 
the MCD of Figure 1. 

Referring to Figure 1 there is shown in schematic form the 
relationship between entities in a computer system according to the 
invention. The system uses a large population of smart cards as individual 
computers, one of which is illustrated at 1 comprising an integrated circuit 
chip 2 (tamper-resistant module) which includes a microprocessor 3,
random access memory (RAM) 4, read only memory (ROM) 5 and 
electrically erasable programmable read only memory (EEPROM) 6. A 
serial interface 7 is connected to a contact pad 8 whereby programs and 
data are passed to the chip 2. 

For convenience the system will be designated hereinafter as
MAOS (multi-application operation system). Smart cards such as 1 are
designated MAOS card devices (MCD's). The MCD's are issued by MCD
issuers and one is shown at 9. When issued, the MCD is carried and used
by a user who inserts it into a card reader associated with a terminal or
telephone to load applications and manipulate data. An example of such
use is in the MONDEX (Registered Trade Mark) system of value transfer
where the MCD incorporates an electronic purse application for receiving
and paying "electronic cash". In this case the MCD issuer might be
MONDEX. Here it is important to note, however, that applications other
than MONDEX applications are loadable on to the MCD.

Applications are issued by application issuers. One is shown
at 10. Usually, the applications will be transmitted by telephone line but it
is possible that they may be downloaded on to the MCD's from other
sources such as a computer equipped with a smart card reader. The
system is controlled by a MAOS system manager (MSM) which is
accessible to the MCD issuers and the application issuers by telephone
link.

When an MCD is issued by an MCD issuer it has:- 

(a) MCD I/D (identity) and

(b) MCD Issuer 

These are sent to the MSM with a request that the MCD be 
enabled subject to certain rules which govern applications which may be 
loaded on to the MCD. The MSM causes a bit-map to be written to the 
EEPROM of the MCD which will determine the required application access 
rules. The MCD is then enabled. The MCD has a set of encryption keys 
in a public/secret key system such as that known as RSA. The MSM has 
a database 11 which records the MCD public keys against their MCD I/D's. 
Also, there is a global key pair for the MSM and the enabling procedure. 

When an application issuer wishes to prepare a new
application for issue it will have:-

(c) an Application I/D and

(d) an Application Issuer

These details are passed to the MSM with a request for a 
digital certificate. The digital certificate is an encrypted certificate of the 
application including (c) and (d) together with the public key of the 
application issuer's public/secret key pair and signed with the secret key of 
the MSM. 

When a user takes his enabled MCD and requests an
application from the application issuer he receives a message structured
as shown in Figure 2. The message consists of an application unit 12
signed cryptographically with the application issuer's secret key, giving a
digital signature 13 and certified by the MSM certification key 14 which, as
stated above, includes at least items (c) and (d) together with the
application issuer's public key.

The procedure then adopted at the MCD is:- 

(1) Apply the MSM public key to verify the message and
derive (c), (d) and the application issuer's public key; 

(2) Check (c) and (d) against the exclusion bit-map held in 
EEPROM to determine whether the program is excluded. 

(3) If so, abort. If not 

(4) Apply the application issuer's public key to derive the 
application and load it into EEPROM. 

Unlike the JAVA scenario, the application will remain loaded 
until it is deliberately deleted. There are restrictions on who may delete 
applications and deletion requests must be made to an authorised body 
such as the MCD issuer or perhaps the application issuer. 

Figure 3 shows schematically the bit-map held in EEPROM.
The bit-map 15 is a set of 160 contiguous bits (20 bytes). Generally,
different bits code for different predetermined characteristics represented in
items (c) and (d). For example, the application I/D may include a code
classifying it as a legal application with an additional classification for
English language. Item (d) will define the program issuer. In the bit-map
15 the first four bits might code for program types: Financial; Legal;
Medical; Recreational. The next twenty bits might be coded for respective
application issuers. The bits are set with a binary '1' if the code is
acceptable for the application to be loaded and with '0' if not. Thus, if any
of the parameters of items (c) and (d) correspond with an exclusion '0' in
the bit-map then the process is aborted and the application is not loaded.
Otherwise the application is loaded and retained.

In addition to the bit-map 15 there is a single-bit flag 16 and
an application serial number at 17 (63 bytes). The purpose of this is to
allow the special case where the MCD is set up to accept only one
program identified by serial number. If the flag 16 is set then the bit-map
is ignored and a check is made for the required serial number.

It will be understood that the program for effecting the bit-map
and serial number checking described above is permanently held in ROM
or EEPROM and is evoked automatically when an application is to be
loaded.
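
The load-time gate of steps (2) and (3), together with the flag 16 and serial number 17 special case, sketched in C as an added example that is not part of the application as filed. It assumes the certificate and signature checks of steps (1) and (4) have already succeeded, that items (c) and (d) arrive as small integer codes plus a serial number, and that bit 0 is the most significant bit of byte 0; the names check_load, mcd_rules, app_ids and demo are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BITMAP_BYTES 20u /* bit-map 15: 160 contiguous bits */
#define SERIAL_BYTES 63u /* application serial number 17 */
#define TYPE_BITS 4u     /* bits 0-3: Financial, Legal, Medical, Recreational */
#define ISSUER_BITS 20u  /* bits 4-23: one bit per application issuer */

enum app_type { APP_FINANCIAL, APP_LEGAL, APP_MEDICAL, APP_RECREATIONAL };
enum load_result { LOAD_OK, LOAD_EXCLUDED, LOAD_BAD_ID, LOAD_WRONG_SERIAL };

/* Rules the MSM writes to the MCD's EEPROM when the card is enabled. */
struct mcd_rules {
    uint8_t bitmap[BITMAP_BYTES];
    bool single_app;              /* flag 16 */
    uint8_t serial[SERIAL_BYTES]; /* consulted only when single_app is set */
};

/* Items (c) and (d) taken from the MSM-certified part of the message.
 * Assumption: they are small integer codes plus a serial number. */
struct app_ids {
    unsigned type;   /* classification carried in the Application I/D */
    unsigned issuer; /* Application Issuer code */
    uint8_t serial[SERIAL_BYTES];
};

/* Assumption: bit 0 is the most significant bit of byte 0. */
static void bitmap_set(uint8_t *bm, unsigned bit)
{
    if (bit < BITMAP_BYTES * 8u)
        bm[bit / 8u] |= (uint8_t)(0x80u >> (bit % 8u));
}

static bool bitmap_test(const uint8_t *bm, unsigned bit)
{
    if (bit >= BITMAP_BYTES * 8u)
        return false; /* out of range counts as excluded */
    return (bm[bit / 8u] & (0x80u >> (bit % 8u))) != 0;
}

/* No early exit, so timing does not reveal how many bytes matched. */
static bool serial_equal(const uint8_t *a, const uint8_t *b)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < SERIAL_BYTES; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Steps (2) and (3): decide whether a verified application may be loaded. */
enum load_result check_load(const struct mcd_rules *r, const struct app_ids *a)
{
    if (r->single_app) /* bit-map is ignored in the single-program case */
        return serial_equal(r->serial, a->serial) ? LOAD_OK : LOAD_WRONG_SERIAL;

    /* Fail closed: a code outside its field must not select another field's bit. */
    if (a->type >= TYPE_BITS || a->issuer >= ISSUER_BITS)
        return LOAD_BAD_ID;

    /* '1' means acceptable; any '0' among the application's classes aborts. */
    if (!bitmap_test(r->bitmap, a->type) ||
        !bitmap_test(r->bitmap, TYPE_BITS + a->issuer))
        return LOAD_EXCLUDED;
    return LOAD_OK;
}

/* Constructed sample card: accepts Financial and Recreational applications
 * from issuers 0 and 7; in single-program mode it expects serial 0xA5 x 63. */
enum load_result demo(bool single_app, unsigned type, unsigned issuer,
                      uint8_t serial_fill)
{
    struct mcd_rules r;
    struct app_ids a;
    memset(&r, 0, sizeof r);
    bitmap_set(r.bitmap, APP_FINANCIAL);
    bitmap_set(r.bitmap, APP_RECREATIONAL);
    bitmap_set(r.bitmap, TYPE_BITS + 0u);
    bitmap_set(r.bitmap, TYPE_BITS + 7u);
    r.single_app = single_app;
    memset(r.serial, 0xA5, SERIAL_BYTES);

    memset(&a, 0, sizeof a);
    a.type = type;
    a.issuer = issuer;
    memset(a.serial, serial_fill, SERIAL_BYTES);
    return check_load(&r, &a);
}

int main(void)
{
    printf("financial, issuer 7: %d\n", demo(false, APP_FINANCIAL, 7, 0x00));
    printf("legal, issuer 7:     %d\n", demo(false, APP_LEGAL, 7, 0x00));
    printf("single-app, match:   %d\n", demo(true, APP_LEGAL, 3, 0xA5));
    return 0;
}
```

The range check before the bit-map lookup matters because the type and issuer fields are adjacent: without it, an issuer code of 20 or more would read a bit belonging to whatever the remaining 136 bits encode.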

In the system described above, the MCD has items (a) and
(b) together with rules held in the bit-map with regard to unacceptable
components of items (c) and (d). The application has items (c) and (d). It
is possible, however, for the applications to carry rules with regard to
unacceptable components of items (a) and (b). In that sense there will be
a bit-stream in the application which can be held in MCD memory as the
application bit-map. This can be equivalent in all respects to the structure
and operation of the MCD bit-map. Thus there may be an MCD bit-map,
an application bit-map or both.

In some applications parts of the application itself may be
enciphered. If so, use can be made of the public key of the MCD to effect
key recovery for deciphering.

Having regard to the foregoing description it will be
appreciated how the invention may be applied to the PC environment
where a PC/tamper-resistant module combination is substituted at the user
for the MCD.